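/**
 * Insert or update a user or group row in sysUGrps.
 *
 * Three write paths differ in who may perform them:
 *  - self-registration: ugr_Type 'user' with no ugr_ID, allowed only when
 *    sys_AllowRegistration is on; when nobody is logged in the account is
 *    stored disabled and the admins are mailed about it;
 *  - update of an existing user/group: caller must pass $system->is_admin2($recID);
 *  - new group: same admin check (is_admin2 with recID 0).
 *
 * @param object $system  Heurist system object: get_system(), is_admin2(),
 *                        get_user_id(), get_mysqli(), addError().
 * @param array  $record  Column values keyed by ugr_* name. ugr_Captcha, if
 *                        present, is checked against $_SESSION['captcha_code']
 *                        and stripped before the write; a non-empty ugr_Password
 *                        is replaced by hash_it() of the clear text, an empty one
 *                        is dropped so the stored hash is kept.
 * @return int|false  The affected ugr_ID on success; false on any failure, with
 *                    the reason recorded through $system->addError().
 */
function user_Update($system, $record)
{
    if (!user_Validate($system, $record)) {
        //$system->addError(HEURIST_INVALID_REQUEST, "All required fields are not defined");
        return false;
    }

    $recID = intval(@$record['ugr_ID']);
    $rectype = $record['ugr_Type'];
    $is_registration = $rectype == 'user' && $recID < 1;

    if ($is_registration && $system->get_system('sys_AllowRegistration') == 0) {
        $system->addError(HEURIST_REQUEST_DENIED, 'Registration is not allowed for current database');
        return false;
    }
    // Authorisation: either an anonymous self-registration or an admin for this record.
    if (!$is_registration && !$system->is_admin2($recID)) {
        $system->addError(HEURIST_REQUEST_DENIED, 'Operation denied. Not enough rights');
        return false;
    }

    if ($is_registration) {
        //do not allow registration if approvement mail cannot be sent
        // NOTE(review): the literal `false &&` disables this check, so a
        // registration succeeds even when the approval mail cannot go out.
        // Left as found; re-enabling it is a deployment decision.
        if (false && !checkSmtp()) {
            $system->addError(HEURIST_SYSTEM_CONFIG, 'Error_Mail_Registration');
            return false;
        }
        // Captcha is enforced only when a challenge was issued into the session.
        // Compare exact strings in constant time rather than with loose ==.
        // NOTE(review): with no captcha_code in the session the check is skipped
        // entirely — confirm the registration form always issues one.
        $captcha_expected = @$_SESSION["captcha_code"];
        if ($captcha_expected
            && !hash_equals((string)$captcha_expected, (string)@$record['ugr_Captcha'])) {
            $system->addError(HEURIST_UNKNOWN_ERROR, 'Are you a bot? Please enter the correct answer to the challenge question');
            return false;
        }
        if ($captcha_expected) {
            unset($_SESSION["captcha_code"]);    // single use
        }
    }
    // Never persist the captcha answer (unset on a missing key is a no-op).
    unset($record['ugr_Captcha']);

    $mysqli = $system->get_mysqli();
    // Name and e-mail must be unique across users and groups. The name clause
    // used to compare against ugr_Enabled, so duplicate names were never caught.
    $existing = mysql__select_value($mysqli,
        "select ugr_ID from sysUGrps  where ugr_Name='" . $mysqli->real_escape_string((string)@$record['ugr_Name'])
        . "' or ugr_eMail='" . $mysqli->real_escape_string((string)@$record['ugr_eMail']) . "'");
    // Loose comparison on purpose: no match yields null, which must be treated
    // as equal to a $recID of 0 on insert.
    if ($existing != $recID) {
        $system->addError(HEURIST_INVALID_REQUEST, 'The provided name or email already exists');
        return false;
    }

    $is_approvement = false;
    $tmp_password = null;    // clear text, only kept for the approval mail
    if ($rectype == 'user') {
        //encrypt password
        if (@$record['ugr_Password'] && $record['ugr_Password'] != '') {
            $tmp_password = $record['ugr_Password'];
            // NOTE(review): hash_it() is the project's scheme and must match what
            // the login path verifies against; moving to password_hash() has to be
            // done on both sides at once.
            $record['ugr_Password'] = hash_it($tmp_password);
        } else {
            unset($record['ugr_Password']);    // empty => keep the stored hash
        }
        if ($system->get_user_id() < 1) {
            //not logged in - always disabled
            $record['ugr_Enabled'] = "n";
        }
        if ("y" == @$record['ugr_Enabled']) {
            $is_approvement = user_isApprovement($system, $recID);
        }
    }

    $res = mysql__insertupdate($mysqli, "sysUGrps", "ugr", $record);
    if (!is_numeric($res)) {
        // helper returns the record id on success, an error value otherwise
        $system->addError(HEURIST_DB_ERROR, 'Cannot update record in database', $res);
        return false;
    }
    $new_recID = $res;

    //actions on complete
    if ($rectype == 'user') {
        $rv = true;
        if ($recID < 1 && $system->get_user_id() < 1) {
            // anonymous self-registration: notify the admins
            $rv = user_EmailAboutNewUser($system, $new_recID);
        } elseif ($recID < 1 || $is_approvement) {
            // admin-created user or newly enabled account: tell the user
            // (carries the clear-text $tmp_password when one was set)
            $rv = user_EmailApproval($system, $new_recID, $tmp_password, $is_approvement);
        }
        if (!$rv) {
            return false;
        }
    } elseif ($recID < 1) {
        //this is addition of new group
        //add current user as admin for new group
        //changeRole($recID, get_user_id(), "admin", null, false, true);
    }
    return $res;    //returns affected record id
}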
    $s = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./';
    $salt = $s[rand(0, strlen($s) - 1)] . $s[rand(0, strlen($s) - 1)];
    return crypt($passwd, $salt);
}
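// Password reset by username or e-mail address (legacy mysql_* code path).
// NOTE(review): this endpoint is unauthenticated and unthrottled: anyone who
// knows a username or e-mail can force a new password onto that account, and
// the new password is mailed in clear text. The usual remedy is a single-use,
// expiring reset token sent by mail; that is a larger change than this block.
if (@$_REQUEST['username']) {
    mysql_connection_overwrite(USERS_DATABASE);
    $username = mysql_real_escape_string($_REQUEST['username']);
    $res = mysql_query('select ugr_ID,ugr_eMail,ugr_FirstName,ugr_Name from sysUGrps usr where usr.ugr_Name = "' . $username . '" or ugr_eMail = "' . $username . '"');
    // A failed query returns false; treat it as "no such user" rather than
    // reading array offsets off a bool.
    $row = $res ? mysql_fetch_assoc($res) : false;
    $username = $row ? $row['ugr_Name'] : null;
    $user_id = $row ? $row['ugr_ID'] : null;
    $email = $row ? $row['ugr_eMail'] : null;
    $firstname = $row ? $row['ugr_FirstName'] : null;
    if ($user_id) {
        $new_passwd = generate_passwd();
        // NOTE(review): "******" looks like a redaction in this listing; the
        // stored value has to be the hash of $new_passwd — confirm against the
        // repository. ugr_ID comes from the row above; cast to int regardless.
        mysql_query('update sysUGrps usr set ugr_Password = "******" where ugr_ID = ' . (int)$user_id);
        $email_title = 'Password reset';
        $email_text = "Dear " . $firstname . ",\n\n"
            . "Your Heurist password has been reset.\n\n"
            . "Your username is: " . $username . "\n"
            . "Your new password is: " . $new_passwd . "\n\n"
            . "To change your password go to Profile -> My User Info in the top right menu.\nYou will first be asked to log in with the new password above.";
        $email_header = 'From: ' . HEURIST_MAIL_TO_INFO;
        $rv = sendEmail($email, $email_title, $email_text, $email_header);
        if ($rv == "ok") {
            print '<p>Your password has been reset. You should receive an email shortly with your new password.</p>' . "\n";
        } else {
            // $rv is a failure message of unknown provenance: escape it for HTML.
            print '<p style="color: red;">' . htmlspecialchars($rv, ENT_QUOTES, 'UTF-8') . '</p>' . "\n";
        }
    } else {
        // NOTE(review): distinct success/failure messages let a caller enumerate
        // valid usernames and e-mails; a uniform "if the account exists, a mail
        // has been sent" response would close that. Kept as found because the
        // form below keys on $error.
        $error = '<p style="color: red;">Username does not exist</p>' . "\n";
    }
}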
if (!@$_REQUEST['username'] || @$error) {
    ?>
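    // Validate the owner credentials for a database whose owner row (ugr_ID=2)
    // still needs to be set. Rules run in sequence and each overwrites
    // $LOGIN_ERROR, so only the last failing rule is reported.
    if (!$username) {
        $LOGIN_ERROR = 'Username is mandatory';
    }
    if (!$password) {
        $LOGIN_ERROR = 'Password is mandatory';
    }
    if (strlen((string)$username) < 5) {
        $LOGIN_ERROR = 'Username must be 5 characters at least';
    }
    if (strlen((string)$password) < 5) {
        $LOGIN_ERROR = 'Password must be 5 characters at least';
    }
    $eMail = @$_REQUEST['email'];
    // Only write the owner row when every rule above passed. The UPDATE used to
    // run regardless, so an empty or too-short username/password was persisted
    // for the owner alongside the error message.
    // NOTE(review): assumes the surrounding code leaves $needRegistration set so
    // the form is shown again with $LOGIN_ERROR — confirm against the caller.
    if (empty($LOGIN_ERROR)) {
        mysql_connection_insert(USERS_DATABASE);
        // Make the current user the owner and admin of the new database
        // NOTE(review): "******" looks like a redaction in this listing; the
        // stored value has to be the hash of $password — confirm against the
        // repository.
        mysql_query('UPDATE ' . USERS_TABLE . ' SET ' . ($eMail ? ' ugr_eMail="' . mysql_real_escape_string($eMail) . '", ' : '') . 'ugr_Name="' . mysql_real_escape_string($username) . '", ' . 'ugr_Password="******" WHERE ugr_ID=2');
        if (mysql_error()) {
            // The "Please contact" string used to be a bare expression statement
            // and was never printed; the driver error is escaped since it can
            // echo back the submitted name or e-mail.
            print "<h2>Unable to update owner email and password for database</h2> SQL error:" . htmlspecialchars(mysql_error(), ENT_QUOTES, 'UTF-8') . "<p>Please contact Heurist developers for help</p>";
        } else {
            $needRegistration = false;
            // hand the freshly set credentials to the login step that follows
            $_REQUEST['username'] = $username;
            $_REQUEST['password'] = $password;
        }
    }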
} else {
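    mysql_connection_select(USERS_DATABASE);
    //verify that this database has proper owner userId=2
    $res = mysql_query('select ugr_Password from ' . USERS_TABLE . ' where ' . USERS_ID_FIELD . ' = 2');
    // A failed query is false; fetching from it would only warn and then
    // resolve to "no registration needed", so short-circuit to the same result.
    $user = $res ? mysql_fetch_assoc($res) : false;
    // Read the column the query above actually selected; it used to be read
    // back through USERS_PASSWORD_FIELD, which is not guaranteed to name it.
    $needRegistration = $user && $user['ugr_Password'] == "TO BE RESET";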
}
if (!$needRegistration) {